Contrib.social

Insecure redirect chain

Open on Drupal.org β†’
Created on 11 July 2024, about 2 months ago

Our sites were recently flagged by Tenable for "insecure redirect chain."

Looking at the redirect chain in devtools, I see https://example.com/redirected-alias -> http://example.com/alias -> https://example.com/alias

Is this normal behavior or am I missing something that would enforce https through the entire redirect chain?

πŸ’¬ Support request
Status

Active

Version

1.9

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States eeyorr

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024